> Adrian Chadd wrote: >> On Wed, Mar 05, 2008, Laszlo Attila Toth wrote: >>> Okay, I simply add other hunks to squid code as Amos wrote: >>>> - migrate defined LINUX_TPROXY -> LINUX_TPROXY2 >>>> - add defined LINUX_TPROXY4 >> >> Well, LINUX_TPROXY defines a whole bunch of stuff relevant to generic >> "full" transparency as well as the TPROXY specific stuff. >> >> That needs to broken out somewhat. Argh, I wish I had the time >> to poke it. > > Hm. I don't know what would be the best way, because I am not familiar > with the squid code. What I know is: TProxy4 requires minimal code > change. My problem is: where to change and how to use ifdef-ed codes > (LINUX_TPROXY and the two new: LINUX_TPROXY2, LINUX_TPROXY4).
Where, is likely to be the spots currently using LINUX_TPROXY (now LINUX_TPROXY2) and LINUX_NETFILTER (adding LINUX_TPROXY4) Some points with "#if LINUX_TPROXY" will need to become "#if LINUX_TPROXY2 || LINUX_TPROXY4" All points with "#if LINUX_NETFILTER" are likely to need "#if LINUX_NETFILTER || LINUX_TPROXY4" > > It requires the following socket option: > > #ifndef IP_TRANSPARENT > #define IP_TRANSPARENT 19 > #endif > > Then both the listening socket and the outgoing socket has to get this > socket option (if the setsockopt fails, tproxy can be ignored). > > The socket option requires CAP_NET_ADMIN capability. > > Regards, > Attila > Adrians seems to want to do eth -2 bits. I'll see about a branch in the new bzr setup for squid-3. Amos
